OpenVPN tunnel as backup?



  • Hello all!

    Right now I have two sites running pfSense. Both are connected to the Internet.

    Primary site: 10.12.1.254/24
    Satellite site: 10.12.9.254/24

    The primary site runs OpenVPN Server, and the satellite site connects to it, forming a tunnel. Rules are configured such that machines on both sides of the tunnel can access one another. This has worked fine - but the satellite site has a very low-bandwidth Internet connection, so I'd been wanting to upgrade.

    Today I installed a wireless link between the two sites. It's basically a point-to-point WiFi connection, bridged only, which is functionally equivalent to a really long Ethernet cable.

    I'd like to attach both pfSense boxes to this wireless link, set up routes, and get the same behavior as we have now - that part would be fairly simple. What's a bit more difficult is, should that link fail (i.e. pfSense boxes can no longer ping one another), I'd like to automatically bring up the OpenVPN connection and use that until the link recovers.

    Can anyone point me in the right direction on this? Thanks!

    –Keith



  • I think I've gotten a bit closer… added a virtual interface for the OpenVPN tunnel in question, which should open the door to doing failover in the usual way. The OpenVPN connection would always be up (as opposed to started when needed), but I can live with that. Will see if I can feel my way through it.

    I'd still appreciate hearing from anyone who's done this before, though!